Airline Dispatchers Federation.
Representing the professional interests of the Aircraft Dispatcher.

Screen Shot 2018 09 23 at 7.03.47 PM

avtec spons

Cybersecurity: Protecting Airline Operational and Communication Systems

In early 2018, the Department of Homeland Security and the Federal Bureau of Investigation issued a joint Technical Alert (TA18-07A) warning of sustained, multi-stage intrusion campaigns targeting U.S. government entities and critical industry sectors, including aviation. Threat actors used sophisticated strategies aimed at trusted, third-party suppliers, known as “staging targets,” to ultimately gain access to systems and networks at “intended targets.” Compromised staging targets saw source code downloaded, users’ credentials stolen, local administrator accounts hijacked, and websites altered with malicious code. 

The reality is clear: Hackers are looking for any vulnerability they can find to infiltrate critical industrial sectors, including airlines. And experts agree that with the increasing integration of disparate technologies to manage operations, including mission-critical communications, the weakest link is often third-party vendors. 

Buttoning Down Mission-Critical Communications

To address this complex, multi-faceted threat, airlines, government agencies, and airline vendors have been aggressively assessing and reworking standards, procedures, and protocols to confront the changing cybersecurity ecosystem. In this environment, secure communications systems that are updated regularly have become mission-critical. 

A Review of Best Practices 

Robust cybersecurity requires a methodical and strategic approach. Risk identification and process documentation are invariably part of this effort, but these alone are not a sufficient strategy. Best practices require a foundational commitment to cybersecurity from senior management, who is responsible for the protection of passengers, airline and customer assets, brand reputation, and profitability. Executives must understand, support, and direct cybersecurity affairs, while simultaneously ensuring that corporate objectives are aligned with processes to address deficiencies and foresee threats. 

Establishing a Cross-Functional Security Council

Hacking attempts are ongoing and becoming more sophisticated. The multi-layered, complex nature of cybersecurity requires an experienced, expert team at the helm for both airlines and their vendors. Because cybersecurity is so very broad in scope, a cybersecurity council should include a cross-section of managers and subject matter experts, including engineering and information technology, sales and marketing, and legal, depending on the organization. The purpose of this council is to deliver and maintain a security program that safeguards information and assets against unauthorized use, disclosure, modification, damage, or loss. The council should meet on a regular schedule to define and communicate the overall corporate cybersecurity posture, and to identify and prioritize opportunities for improvement using a continuously repeatable process. In doing so, members should also require ongoing employee training and certification, so that those on the front lines are prepared to recognize and address emerging threats. Additionally, the council should ensure that all protections against cyberattacks are updated regularly.

Forming a Security Incident Response Team

Logically functioning as subset of the corporate cybersecurity council, an airline’s security incident response team takes ownership of:

·      Guidelines and procedures for effective incident response for perceived attempts at security breaches as well as actual breaches.

·      The communication process upstream to senior leadership with respect to detection, containment, and response efforts to any incident.

·      Returning systems to normal status and holding after-action reviews.

·      Execution of the business continuity plan and periodic training scenarios.

Benchmarking of Lessons Learned

In developing and maintaining a forward-looking corporate cybersecurity policy, airlines should evaluate the causes of and solutions for cyberattacks across all industry segments. Individuals charged with cybersecurity systems should continuously evaluate the latest breaches and emerging threats, assessing them as they relate to the airline’s physical assets and information systems.

Developing a Plan of Action and Milestones 

The Plan of Action and Milestones(POA&M) functions as the security roadmap for airlines and business partners. The POA&M provides a corrective plan to track, resolve, and mitigate security weaknesses, including defining implementation steps. No company, including an airline, is ever 100% prepared to fend off all security threats, but the goal for any business is to get as close to 100% as possible, with a clear method to document and track countermeasures and compensating controls that will address problem areas efficiently and effectively. Using a POA&M process gives all involved a clear procedure for ongoing security improvement efforts. 

Updating Software

Airlines that are the most effective in addressing cyberthreats review and evaluate security updates regularly and choose only those vendors that aggressively secure their products with regular security updates. Compensating measures and/or mitigation plans must be implemented to address security gaps when updates cannot be deployed. These updates should include firmware and security patches, rolled in together to strengthen the enterprise’s defense against current security threats, thereby reducing the chance for data and system compromise. 

Building Intrusion Prevention & Detection Systems

In the past, cyberattackers focused on easy targets. Today, their attacks are not only far more sophisticated, but also, once unleashed, are progressively becoming more automated. The 2018 joint DHS/FBI alert underscored hackers’ increasing success in moving well beyond network reconnaissance into the deployment of malicious toolkits aimed at assaulting industrial control systems. To combat both internal and external threat actors, intrusion prevention and detection systems should be in place to minimize risks and quickly detect and address security breaches. Solid protect-and-defend systems should include such elements as traffic and packet monitoring, well-defined firewalls, port scanning, and, ultimately, system logs/alerts. A separate, expertly staffed information security operations center, or ISOC, should be in place to monitor, assess, and defend systems and assets. 

Hiring a Third-Party Security Auditor

An airlines’ day-to-day cybersecurity practices should include both vulnerability scanning to detect weaknesses as well as penetration testing to assess whether corrective actions taken to thwart identified vulnerabilities have done their job in adequately protecting essential systems. Beyond these internal practices, however, it is equally important for airlines to conduct an annual third-party audit to identify weaknesses and continually strengthen their cybersecurity position. Even the most experienced internal security experts can miss critical vulnerabilities that can jeopardize efforts to protect an airline and its passengers, so having an unbiased third-party cybersecurity auditor is as critical as the maintenance of an airline's fleet.

Keeping Ahead of the Threats

Cybersecurity is no longer relegated exclusively to airline IT managers and executives. Managing current and emerging threats is increasingly a top-down, enterprisewide strategic imperative that crosses professional disciplines, all with an aim to protect against threat actors, who can range from bad geopolitical actors to disgruntled employees. The potential for disaster is vast and far reaching, and the aviation industry must continue to defend itself with collaborative efforts involving all stakeholders, from airlines and its third-party suppliers to government agencies and independent experts. 

Avtec’s Voice over Internet Protocol dispatch console system Scout—the choice of six major U.S. airlines—is designated compliant with requirementsof the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC-CIP) plan and the security controls of the National Institute of Standards and Technology (NIST) Special Publication 800-53. For more information about Avtec and Scout’s IP dispatching solution for aviation, visit us online.

Screen Shot 2018 09 23 at 7.08.02 PM
Airlines are under pressure to reduce costs and time in order to stay competitive. Having the right information at an optimal time is critical to improving operational efficiency, which translates to fuel and cost savings. 

Jeppesen Flight Planning and Dispatch offers a complete suite of products that enable dispatchers and airline operators to produce the optimal flight plans tailored to their operational needs. Our full-featured dispatch system is designed for configurable workflow to manage assigned flight dispatch operations to include planning, release, briefing, in-flight monitoring and support post flight analytics. 

JetPlanner PRO is Jeppesen’s completely redesigned flight planning product that is well-suited for basic and complex flight planning tasks. This end-to-end flight planning solution enables dispatchers and airline operations personnel to define the optimal level of automation to incorporate into their workflow, including manual, partial or fully automated dispatch processes.  JetPlanner PRO’s dual-screen interface with graphical real-time weather and customizable user layouts provides a portal into operational flights and associated plans, alert management, automation controls, text weather and filterable NOTAMS and flight parameters all within an intuitive and easy-to-use environment. 

Optimized flight plan creation is critical. So is the need to deliver the right data at the right time and to the right people. Many airlines find that their crews receive far too much information per flight, and in many instances the creation of flight brief package is generally a manual and lengthy process, requiring additional resources to identify and verify the appropriate data. Jeppesen’s flight planning briefing tool from Bytron, skybook, is a powerful crew briefing and flight monitoring suite of products that maximizes efficiency by allowing dispatchers, pilots, and airline operations personnel to dynamically manage its briefing process and flight status effectively. Skybook’s Flight Operations Portal and optional companion App, not only improve quality and distribution of briefing data, but also reduces reporting times and increase the ability of the airline to store, interrogate and manage post flight data. 

JetPlanner PRO and skybook provide dispatchers and airline operations personnel with one of the most integrated and dynamic solutions in the market. Jeppesen’s flight planning suite of powerful, versatile, and modular products integrated with external services such as scheduling, crew briefing, fuel analysis, maintenance, and crew scheduling provides a comprehensive operations environment.

Screen Shot 2018 09 23 at 6.06.29 PM

is an aviation services company, wholly owned by Airbus, dedicated to Flight Operations and Air Traffic Management Solutions. Through digital & collaborative innovation, our passionate and customer-focused team develops solutions to enhance the safety and efficiency of air transport. Fueled by the agility of Airbus ProSky and Navtech, and the pioneering spirit of Airbus, NAVBLUE was created in July 2016 with one mission: Lead aviation into the digital age. NAVBLUE offers the highest level of expertise in digital cockpit operations, Operations Control Centre (OCC) systems, Performance Based Navigation (PBN) and Air Traffic Management (ATM). Its staff is composed of highly experienced dispatchers, flight operations analysts, performance engineers, air traffic controllers, project managers and IT/software specialists. 

N-Flight Planning is the centerpiece of NAVBLUE’s N-OCC suite with a proven record serving over 170 airlines around the world. N-Flight Planning is an award-winning flight-planning solution that remains the fastest on the market with a proven record of consistently outputting the most optimal and efficient flight routes. Built on modern service-oriented systems architecture with a highly configurable rules engine, N-Flight Planning is designed to empower Airlines and Dispatchers with the ability to fine-tune the flight planning engine to meet their specific operational needs. Automation and configurable alerting increases productivity and enables the dispatcher to manage-by-exception the flight planning workflow. Integrated real-time weather, Flight-Hazard Avoidance from DTN, NOTAM tunneling and filtering, and RAIM and ADS-B checks are all standard out-of-the-box features. N-Flight Planning remains at the cutting-edge of innovation with a continuously evolving flight-planning engine which readily adapts and scales in pace with the growth and changing operational requirements of any airline. 

NAVBLUE and Airbus are committed to positioning N-Flight Planning as an industry-leading flight planning solution. Future innovation is driven by the broader Airbus family with recent workshops bringing together experts from NAVBLUE, METRON Aviation and Airbus Airline Sciences and Analytics. 

State-of-the-art technologies like machine learning and big-data analytics will provide the technological foundation for our vision to lead the industry towards an era of Dynamic Enroute Flight Planning, Collaborative Airspace Management (CTOPS/TOS), and increased optimization from Tail-Centric 

Performance. When coupled together, we believe that N-Flight Planning and N-Tracking, NAVBLUE’s ADS-B based flight following solution, will transform the role of the dispatcher. 

NAVBLUE’s N-OCC Suite also includes N-RAIDO, a revolutionary approach to Ops and Crew Management, enabling Airlines to eliminate several existing day-of-ops and long-term planning applications with a single highly configurable system. Airlines can now manage Schedule Planning, Day-of-Ops Management, Crew Scheduling, Crew Payroll, Crew Planning and Crew Qualifications all within one application with specific user profiles for each work-group. Built on modern systems architecture, N-RAIDO empowers airlines with the ability to define and maintain their own rules, automation, events and reports eliminating several manual processes. Through N-RAIDO Fire mobile access, Airline flight crews will have real-time access to their schedules and the ability to perform trip trades and pick-up from opentime remotely from their mobile devices. Our N-OCC suite also includes several standalone Crew Planning solutions.

               FlySmart andMission Plus our EFB solutions as well as Charts Plus our airport charts solution. 

               ROPs our runway safety system, Navigation Plus and Airports Plus for onboard FMS. 

               ADOCAirFASE,and Analytics for Airline Flight Ops, as well as consulting services. 

               DESIGN, ASSESS, ELISE and GNSS for Airspace and Airport Management.

Benefits of ADF Membership

  • ADF Weather Links
  • Job Postings
  • Discussion Forums
  • Dispatch Related Videos